Page 20 of 96 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 128EXPL: 0

CVE-2014-0015 – curl: re-use of wrong HTTP NTLM connection in libcurl

https://notcve.org/view.php?id=CVE-2014-0015

cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. cURL y libcurl 7.10.6 hasta 7.34.0, cuando más de un método de autenticación está habilitado, reutiliza conexiones NTLM, lo que podría permitir a atacantes dependientes de contexto autenticarse como otros usuarios a través de una solicitud. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://curl.haxx.se/docs/adv_20140129.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00066.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56728 http:/ • CWE-287: Improper Authentication •